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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). tn no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)13 Responsive to communication(s) filed on 31 March 2005 . 
2a)E3 This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) M Claim(s) 1-8. 15-31.34,35 and 37-39 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) [x] Claim(s) 1.4-6.8.15.16.20.21.23.24.26.27.30.31.34.35.38. and 39 is/are rejected. 

7) KI Claim(s) 2.3 J. 17-19.22.25.28.29 and 37 is/are objected to. 

8) D Claim(s) are subject to restriction and/or ejection requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 1 1 9 

12) Q Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 



3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1 ) Notice of References Cited (PTO-892) 

2) O Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) [H Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 

Paper No(s)/Mail Date . 



4) 0 Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) O Notice of Informal Patent Application (PTO-152) 

6) □ Other: . 
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DETAILED ACTION 



Response to Arguments 

1. Applicant's arguments with respect to claims 1-8,15-31,34,35, and 37-39 have 
been considered but are moot in view of the new ground of rejection. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

3. Claims 1,4,6,15,1^21,23,24,26,27,31,34,35,38 and 39 are rejected under 35 
U.S.C. 102(e) as being anticipated by Hopkins, U.S. Patent 5,999,624. 

As per claims 1 and 21 , it is disclosed by Hopkins of a method and system for 
securely transmitting transaction data over a network having a public component 
wherein the transaction data includes PIN data and account information (non-PIN 
data)(col. 3, lines 55-63 and col. 9, lines 13-18). A first encryption operation is 
performed only on the PIN data (col. 3, lines 49-54). A second encryption operation is 
performed on the account information (non-PIN data) such at that the PIN data is 
cryptographically isolated from the account information (non-PIN data)(col. 9, lines 13- 
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24). The cryptographically isolated PIN data and account information (non-PIN data) is 
transmitted over the network to a processing institution (remote location) having only the 
capability to decode the second encryption operation (col. 9, lines 31-51). 

As per claim 4, Hopkins teaches of the second encryption process is performed 
on both the PIN and account information (non-PIN data) such that the encrypted PIN 
data resides within an encrypted envelope generated by the second encryption 
operation (col. 9, lines 13-24). 

As per claims 6 and 24, it is taught by Hopkins of a method and system decoding 
encrypted transaction data that includes account PIN data input by a user as well as 
account information (non-PIN data)(col. 9, lines 13-15 & 30-39). The encrypted 
transaction data is received from a first remote location over a network having a public 
component. At a processing institution (first remote location), a first decryption 
operation is performed to decode only the account information (non-PIN data) and 
transmits the encrypted account PIN data to a payment account institution (second 
remote location) that performs a second decryption operation to decode the encrypted 
account PIN data wherein the second decryption operation is different from the first 
decryption operation (col. 9, lines 13-17 & 30-51). 

As per claims 15,26,38, and 39, Hopkins discloses of a method and system of 
transporting PIN data input by a user and account information (non-Pllsl data) in a 
secure electronic transfer (col. 3, lines 55-63 and col. 9, lines 13-18). Only the PIN data 
is encrypted by a first encryption process (col. 3, lines 49-54). The account information 
(non-PIN data) is encrypted by a second encryption process (col. 9, lines 13-24). The 
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encrypted PIN and account information (non-PIN data) is transmitted over the network 
to a processing institution (authentication requestor at a remote location) wherein the 
processing institution (authentication requestor) has means to decrypt only the account 
information (non-PIN data)(col. 9, lines 31-51). The encrypted PIN is transmitted over a 
data network to a payment account institution (authorizing agent) for verification that 
decrypts and verifies the PIN data which in turn transmits a notification over the data 
network from the payment account institution (authorizing agent) to the processing 
institution (authentication requestor) of a verification status of the PIN data (col. 9, line 
30 through col. 10, line 4). 

As per claims 16 and 27, Hopkins teaches of transporting the PIN and account 
information (non-PIN data) wherein the second encryption process is different from the 
first encryption process (col. 9, lines 13-24). 

As per claims 23 and 31 , it is disclosed by Hopkins of the usage of a card reader 
for acquiring transaction data from a payment instrument (col. 7, lines 20-30). 

As per claim 34, it is taught by Hopkins of a method for decoding encrypted 
transaction data that includes encrypted account PIN data encrypted by a first 
encryption operation as well as encrypted account information (non-PIN data) encrypted 
with a second different encryption operation (col. 3, lines 55-63 and col. 9, lines 13-24). 
Transaction data is received from a processing institution (remote location) over a 
network having a public component, wherein the processing institution (remote location) 
does not have the capability to decode the encrypted PIN data. A first decryption 
operation is performed to decode the encrypted account information (non-PIN data) and 
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transmits the encrypted PIN data to a payment account institution (another remote 
location)(col. 9, lines 13-17 & 30-51). 

As per claim 35, Hopkins teaches of performing a second decryption operation at 
a payment account institution (another remote location) to decode the encrypted PIN 
data, wherein the second decryption operation is different from the first decryption 
operation (col. 9, lines 13-17 & 30-51). 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 5,8,20, and 30 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Hopkins, U.S. Patent 5,999,624. 

The teachings of Hopkins disclose of protecting transaction data through use of 
doubly encrypting content. The teachings of Hopkins are silent in disclosing of 
calculating a digest by applying a one-way mathematical process and to append the 
digest for future verification. The examiner hereby takes official notice that the use of 
hashing to be appended to a file and later recomputing the hash to see if the information 
has not be altered based on the hash values matching is notoriously well known in the 
art. It would have been obvious to a person of ordinary skill in the art at the time of the 
invention to use hashing for data verification purposes. Hashing is notoriously well 
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known as a one-way mathematical process which converts data to a specific value and 
when recomputing the data using the same hashing function should produce the same 
hash value that indicates that the data has maintained its integrity. Otherwise, if the 
recomputed hash values do not match with the original has value, then it is determined 
that the data has been altered. It is obvious that the teachings of Hopkins would have 
benefited from the use of hashing as a means of maintaining the integrity of the 
proprietary information since are directed towards a secure processing system. 

Allowable Subject Matter 

6. Claims 2,3,7,17-19,22,25,28,29 and 37 objected to as being dependent upon a 
rejected base claim, but would be allowable if rewritten in independent form including all 
of the limitations of the base claim and any intervening claims. 

Conclusion 

7. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
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shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christopher A. Revak whose telephone number is 571- 
272-3794. The examiner can normally be reached on Monday-Friday, 6:30am-4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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July 11,2005 




